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WHAT IS CLAIMED IS: 

1 . A method for centralized processing of hardware tokens for PKI solutions 

comprising: 

receiving a commercially available token at a secure processing facility; 
installing an operating system on the token; 

creating a unique key encipherment certificate that comprises a public key for 
the token; 

writing the unique key encipherment certificate onto the token; 

writing a Root Certificate Authority certificate onto the token; 

writing a unique private key onto the token, the unique private key being the 
matching key for the unique key encipherment certificate; and 

loading a software package onto the token, the software package capable of 
cryptologically validating future keys and certificates, decrypting the keys and 
certificates, and installing the keys and certificates in the token. 

2. The method according to claim 1 , further comprising wiping the contents of 
the token after the receiving. 

3. The method according to claim 1, further comprising validating the 
operating system before the installing. 

4. The method according to claim 1 , further comprising writing the unique key 
encipherment certificate to a Read Only Memory (ROM) on the token. 
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5. The method according to claim 1 , further comprising: 
receiving the commercially available token at a workstation; 
installing the token in the workstation; and 

performing the installing, first second and third writing, and the loading 
remotely from the secure processing facility to the token at the workstation. 

6. The method according to claim 1 , further comprising performing the 
installing, first second and third writing, and the loading using a Datacard 9000 
machine. 

7. The method according to claim 1 , further performing maintaining a copy of 
the public key for the token at the secure processing facility.. 

8. The method according to claim 1 , further comprising maintaining a copy of 
the public key of the token at the secure processing facility. 

9. The method according to claim 1 , further comprising sending at least one 
of a new key and a new certificate to the token remotely by the secure processing 
facility using a secure communication between the secure processing facility and the 
token, the token being attached to a remote processing device. 

10. The method according to claim 9, further comprising encrypting the at 
least one of the new key and the new certificate using the public key of the token. 
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1 1 . The method according to claim 10, further comprising validating that the 
at least one of the new key and the new certificate was sent from the secure 
processing facility using the Root Certificate Authority certificate on the token. 

12. The method according to claim 1, further comprising receiving a request 
for the token from a user before the installing. 

13. The method according to claim 12, wherein the unique key encipherment 
certificate comprises an identification of the user. 

14. The method according to claim 13, further comprising storing a mapping 
of the user identification, the unique key encipherment certificate, and a serial 
number of the token in a database at the secure processing facility. 

15. A system for centralized processing of hardware tokens for PKI solutions 
comprising: 

a token; 

a token initialization machine, the token being connectable to the token 
initialization machine; 

a secure processing facility; and 

a Root Certificate Authority, the Root Certificate Authority signing certificates 
of the secure processing facility, the secure processing facility receiving the token 
and using the token initialization machine to install an operating system on the token, 
write a unique key encipherment certificate onto the token, write a certificate of the 
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Root Certificate Authority onto the token, write a unique private key onto the token, 
and load a software package onto the token where the software package is capable 
of cryptologically validating future keys and certificates, decrypting the keys and 
certificates, and installing the keys and certificates in the token. 

16. The system according to claim 15, further comprising a crypto 
accelerator, the crypto accelerator being used by the secure processing facility to 
create the unique key encipherment certificate and the unique private key, the 
unique key encipherment certificate comprising a public key for the token. 

17. The system according to claim 15, wherein the token comprises a 
smartcard. 

18. The system according to claim 15, wherein the token initialization 
machine comprises a Datacard 9000 machine. 

19. The system according to claim 15, wherein the secure processing center 
comprises a Certificate Authority. 

20. The system according to claim 15, further comprising wherein the 
identifiers comprise at least one of a Meta tag, label, tag, and a command. 

21 . The system according to claim 15, wherein the token comprises a 
commercially available token. 
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22. The system according to claim 15, wherein the secure processing facility 
includes: 

a database, the database storing a mapping of a user identification, the 
unique key encipherment certificate, and a serial number of the token; and 

a storage device, the storage device storing all public keys on the token. 

23. An apparatus comprising a storage medium containing instructions stored 
therein, the instructions when executed causing a computing device to perform: 

receiving a commercially available token; 

installing an operating system on the token; 

writing the unique key encipherment certificate onto the token; 

writing a Root Certificate Authority certificate onto the token; 

writing a unique private key onto the token, the unique private key being the 
matching key for the unique key encipherment certificate; and 

loading a software package onto the token, the software package capable of 
cryptologically validating future keys and certificates, decrypting the keys and 
certificates, and installing the keys and certificates in the token. 

24. The apparatus according to claim 23, the computing device further 
performing creating a unique key encipherment certificate that comprises a public 
key for the token. 
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